Security Affairs

Critical Triofox bug exploited to run malicious payloads via AV configuration

Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480, that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature.

SonicWall blames state-sponsored hackers for September security breach

SonicWall has confirmed that a September 2025 security breach involving its MySonicWall cloud backup service was the result of a sophisticated attack by a state-sponsored threat actor.

Nine Arrested in €600M crypto laundering bust across Europe

A coordinated international law enforcement operation has led to the arrest of nine individuals across Cyprus, Spain, and Germany for their involvement in laundering over €600 million through fraudulent cryptocurrency investment schemes.

Android Apps misusing NFC and HCE to steal payment data on the rise

A new wave of Android malware is exploiting Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data and conduct fraudulent transactions. Over 760 malicious apps have been identified.

Conduent January 2025 breach impacts 10M+ people

A major data breach at Conduent has compromised the personal information of approximately 10,515,849 individuals. The breach, discovered exposed sensitive data including names, addresses, dates of birth, SSNs, and health and insurance information.

Herodotus Android malware mimics human typing to evade detection

Herodotus is a sophisticated Android device-takeover banking Trojan. It is engineered to evade behavioral biometrics and anti-fraud systems by mimicking human typing behavior through randomized delays.

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

A large-scale Distributed Denial-of-Service (DDoS) attack has targeted Russia’s Federal Service for Veterinary and Phytosanitary Surveillance (Rosselkhoznadzor), severely disrupting food logistics across the country.

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

A ransomware attack by the Safepay group has compromised Xortec GmbH, a German provider of professional video surveillance and security solutions. The group has listed Xortec on its data leak site.

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

An unauthenticated attacker can exploit the flaw to execute arbitrary code. The vulnerability is an out-of-bounds write issue that affects Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.11.3, and 2025.1.

PowerSchool hacker got four years in prison

A Massachusetts student has been sentenced to four years in prison for hacking and extorting approximately $3 million from two companies. The cyberattack led to the exposure of sensitive data belonging to nearly 70 million individuals.
